Not able to check the password

Dear Team,

I have one Linux system, and I am facing an issue checking the password.

The following troubleshooting steps were performed:

1 - Telnet is successful.

2 - System test is successful.

3 - When I check the password of the functional account, I get the error: Unable to connect to <system name>, or the account <Account name> does not exist or is disabled.

4 - My question is: if the system test is successful (because the testing of the system is performed via the functional account), why am I getting this error?

Need your help to resolve this issue.

  • Not sure why you mention Telnet. TPAM uses an SSH connection to carry out management tasks, not Telnet. Or did you use the TPAM diagnostic Telnet set to port 22 to check connectivity?

    System test is only authenticating to the target system. Check password is using the grep command and change password is using the passwd command, so these need the correct permissions to execute.

    Remember the functional account needs to be root equivalent or be granted permissions to run grep and passwd as root.

    If I was fault finding this I would start by ensuring that the functional account can authenticate to the system using something like PuTTY.

    I would then check to see if the functional account is a root equivalent or has been configured to run passwd and grep with root permissions via a delegation tool such as sudo.

    If you are using sudo, you need to add lines to allow grep and passwd to run as root to the sudoers file. Something like:

    funcacct ALL=(root) NOPASSWD: /bin/grep

    funcacct ALL=(root) NOPASSWD: /usr/bin/passwd

    Where funcacct is replaced by your actual functional account.

    Once you are happy that these are correct, if you are using a delegation tool, ensure you have entered the delegation prefix correctly in TPAM and try again.

    Good luck.

    Tim

  • Thank you for your reply. Yes, I used the TPAM diagnostic Telnet set to port 22 to check connectivity.

    Yes, I am getting this: sudo: no tty present and no askpass program specified.

  • I'm not sure what is going on here and you are not providing enough detail for me to do much more than guess at present.

    This is a Linux system and not an AIX-based system? AIX needs slightly different commands.

    TPAM is only carrying out standard functions in exactly the same way as an operator would from a remote session.

    If you look at the debug string TPAM displays when you run the check password test, you will see the grep command it runs towards the end, after all the authentication handshake information. Try logging in with PuTTY as your functional account user and run the same command and see if it works.

    If the command does not run then it is the way you have your Linux system set up.

    Try the same command string without the sudo prefix, using PuTTY logged in as root, to see if it works, to eliminate permission issues.

    The error message you mention does sort of point to the sudoers file configuration. If you have added the extra lines, have you tried moving them to the end of the sudoers file in case something else is overwriting them?

    Linux is usually very easy to get to work with TPAM using either password or key authentication. However, there are so many variables you can change in the sudoers file, and sshd for that matter, that if things don't work it can take a while to fix.

    Good luck

    Tim
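
Added example (not part of the thread, and not TPAM or sudo code): sudo applies the last sudoers entry that matches, so a broader rule placed after the NOPASSWD lines makes sudo ask for a password, which it cannot do in a session without a terminal. The sketch below reports which tag wins for one account and command; the function names and both sample files are constructed, and the parser is a deliberate simplification that handles only plain `user host=(runas) [TAG:] command` lines.

```sh
#!/bin/sh
# Simplified check: which tag (NOPASSWD or PASSWD) does the LAST matching
# sudoers entry give an account for one command? sudo applies the last match.
# Aliases, groups and includes are ignored here; on a real system confirm
# the result as root with "sudo -l -U <account>".

effective_tag() {   # $1 = account, $2 = command path; sudoers text on stdin
    awk -v user="$1" -v cmd="$2" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }        # skip comments and blank lines
        $1 != user               { next }        # literal user entries only
        {
            spec = $0
            sub(/^[^=]*=[ \t]*/, "", spec)       # drop "user host ="
            sub(/^\([^)]*\)[ \t]*/, "", spec)    # drop "(runas)"
            tag = (spec ~ /^NOPASSWD:/) ? "NOPASSWD" : "PASSWD"  # PASSWD is the default
            sub(/^[A-Z]+:[ \t]*/, "", spec)      # drop the tag itself
            n = split(spec, cmds, /[ \t]*,[ \t]*/)
            for (i = 1; i <= n; i++) {
                c = cmds[i]
                sub(/[ \t].*$/, "", c)           # ignore command arguments
                if (c == "ALL" || c == cmd) result = tag   # later lines overwrite
            }
        }
        END { print (result == "" ? "NOMATCH" : result) }
    '
}

# Constructed sample: the two lines from the thread followed by a broader rule.
overridden_sudoers() {
cat <<'EOF'
funcacct ALL=(root) NOPASSWD: /bin/grep
funcacct ALL=(root) NOPASSWD: /usr/bin/passwd
funcacct ALL=(ALL) ALL
EOF
}

# Constructed sample: same rules with the NOPASSWD lines moved to the end.
reordered_sudoers() {
cat <<'EOF'
funcacct ALL=(ALL) ALL
funcacct ALL=(root) NOPASSWD: /bin/grep
funcacct ALL=(root) NOPASSWD: /usr/bin/passwd
EOF
}

echo "overridden: grep -> $(overridden_sudoers | effective_tag funcacct /bin/grep)"
echo "reordered:  grep -> $(reordered_sudoers | effective_tag funcacct /bin/grep)"
```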